[OWASP-GUIDE] P3P

Alex Russell alex at securepipe.com
Mon Jan 20 02:28:57 EST 2003


Yes, but the W3C has also backed the horrendous cluster-fsck that is
XHTML 2.0. They aren't the purveyors of everything worth paying
attention to.

Regardless, I can see how it might be relevant were it actually
something that was useful for site developers in helping to protect
their users' privacy, but it's not (IMHO). I'd much rather see a section
that deals with privacy by suggesting that if developers REALLY care
about privacy, that they state on their sites that they will collect
whatever information they like and do whatever they please with it, as
it more accurately reflects today's situation. As an addendum, we might
add that only procedural controls (i.e., legislation) are going to be an
effective in providing adequate privacy protection for users. Anything
else is either a smokescreen or snake oil, although I think P3P is more
the former than the latter, as it seemed well intentioned to start with.

But then, that's just my opinion.

Am I wrong on this one? Is it something that developers care about and
I'm just missing the boat? (it happens regularly, I'm afraid)

On Mon, 19 Jan 2003, Mark Curphey wrote:

> Yeah, W3C ;-)
>
> On Sun, 2003-01-19 at 23:44, Alex Russell wrote:
> > On Saturday 18 January 2003 02:19, Mark Curphey wrote:
> > > I was just chatting to Tim Smith about P3P and he offered to write a
> > > chapter on P3P and re-write the privacy section of the Guide V2.
> > >
> > > I think this would be great content.
> > >
> > > Does everyone else ?
> >
> > Frankly, I'm not sure. I have a hard time either putting P3P forward as a
> > solution to any serious problem, and I'm having a hard time figuring out
> > why it would have a place in the Guide. As always, I'm willing to be
> > convinced either way.
> >
> > Anyone got a compelling argument for why we should have such a thing?

-- 
Alex Russell
alex at SecurePipe.com
alex at netWindows.org



